Google Wallet is a new near field communication (NFC) electronic wallet that allows customers to pay for everyday purchases by entering a PIN on their Android smartphone and tapping it on a receiver, similar to Mastercard PayPass.

What Rubin discovered is that a lost or stolen Android phone with Google Wallet configured is nearly as bad as handing over your credit card to whomever finds it.

The design of Google Wallet is such that the critical information like your account number is stored in a special hardware component of the phone called a Secure Element (SE).

Unfortunately the PIN required to complete transactions is not stored on the secure element, but instead is stored as a salted hash on the device itself.

What, you might ask? Chester, you are always lecturing us on how salted hashes are the way to go when it comes to securely storing passphrases!

That is true, but the issue here isn't so much the hashing method, it is the lack of entropy. A passphrase can, and should, be long and contain a bit of variation making it hard to compute in a reasonable amount of time.

Google Wallet is designed so that you get only six tries to input your PIN before the device will wipe your credit card details from the SE.

The trouble is the salted hash of your PIN is stored on the filesystem of the phone and Android phones are trivial to root. With root access you can bruteforce the PIN without using any of your official attempts.

PINs are only 4 digits. 10,000 tries is trivial to attempt every combination, even on the smartphone itself and that is exactly what Rubin has done.

Demo of Google Wallet Cracker

Rubin concludes that the correct solution to the problem (which he responsibly disclosed to Google) is to store the PIN on the SE itself. It appears that Google agrees, but things aren't always as simple as they might appear.

Enter the lawyers... Moving the PIN off of the phone's filesystem and onto the SE results in a "change of agency". This means the responsibility for keeping the PIN secure shifts from Google to the banks responsible for the SE.

What does this mean for Google Wallet users?

Well, if your phone is lost or stolen you should consider treating it like a lost or stolen credit card and report it immediately to both your credit card issuer and mobile phone company.

A determined thief could easily recover the PIN and make purchases given enough technical know-how.

Hopefully Google can iron out the details with the banks for moving the PIN onto the Secure Element and patch this flaw before it is widely exploited.

Adam, I think that you are ovelooking the possibility that an attacker can bypass a phone lock by rooting the phone. Only the third condition that you list, that you lose your phone, is required for a sufficiently determined attacker to access content on the filesystem.

On the other hand, if your phone is encrypted then that would protect you, and should make it safe to have a hashed PIN stored on the phone filesystem. You can encrypt your phone by going to Settings > Security > Encrypt phone. I have a lot of sensitive stuff on my phone, like emails and browser cookies; so I keep my phone encrypted.

Interesting to know that your phone has an encrypt feature. What android version was this started on, because mine does not have that option with 2.2.2. This is something I want to look into to see if it works with the Windows 7 Policy for Bitlocker/USB encryption, and how secure it is.

Also I concur the point of rooting a phone was to get past security measures and locks that companies and users put in place, while some devices have very simplified ways of rooting, others are just a minor pain, and a normal rooter will have it within the day. Now when you get to the Pin and hash file is where you know a true geek has gotten to the phone. I still think chances are slim maybe 1/100 people who find a phone would think to check if you have a google wallet, and then 1/1000 would spend the time trying to get this information.

The issue with rooting after the fact though, is that (currently) for any Android phone with Google Wallet support (Nexus 4S and Galaxy Nexus), all root methods will wipe the phone and thereby wipe the Google Wallet info.

Encryption is definitely another protection step though. Perhaps even force users to use screenlocks, encryption, etc - should the user choose to use Google Wallet.

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics.
You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.